Re: More information regarding Etherleak

[Peter Turczak <p_turczak () wiwa de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 10 January 2003 18:02, Ofir Arkin wrote:
> Who is vulnerable?
> ------------------
> Josh Anderson and I tested several Ethernet cards and device drivers.
>
> We have found several device drivers which are vulnerable but we never
> attempted to find them all. It is simply because there are too many.
> Therefore we have contacted CERT more than 6 months ago and sent them
> the Etherleak paper and asked them to contact OS manufactures, Network
> device manufactures, Chipset manufactures, motherboard manufactures and
> other manufactures and vendors who might need to check their device
> driver's implementations.
>
> In our tests we have experienced this bug under 4 different operating
> systems:
>
> - Linux
> - NetBSD
> - FreeBSD
> - Microsoft Windows
I audited our system running under various operating systems.
The following OS do _not_ pad the packets with zero but something else, if 
anybody is interested in the dumps of the frames produced while testing, feel 
free to contact me.

Machine         OS              Version

IBM iSeries     OS/400  
IBM RS/6000     AIX             4.3
Sun E450                Solaris 8
HP Printers             JetDirect       Various

Identification of the vunerability was done by "ping -s1 <host>" and analysing 
the resulting answers using ethereal, looking if the ethernet trailer was 
different from all zero.


Greetings 

   Peter Turczak

- --

WIWA Gmbh&Co KG
Networking Dept.
Gewerbestr. 1-3
D-35633 Lahnau
GERMANY

Voice: ++49-6441-609-12
FAX: ++49-6441-609-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+H1ZDEOIt4Nhv5cwRAuU8AJ0a0BpdY2rq90RKk0nlx5KiNPZrqQCaAmPY
G7CtTaw8qKWLvLvRTlOM+28=
=r8NM
-----END PGP SIGNATURE-----